Guido Bertoni Jean-Sébastien Coron (Eds.) Cryptographic Hardware 6 8 0 and Embedded Systems – 8 S C CHES 2013 N L 15th International Workshop Santa Barbara, CA, USA, August 2013 Proceedings 123 Lecture Notes in Computer Science 8086 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Guido Bertoni Jean-Sébastien Coron (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2013 15th International Workshop Santa Barbara, CA, USA, August 20-23, 2013 Proceedings 1 3 VolumeEditors GuidoBertoni STMicroelectronics AgrateBrianza,Italy E-mail:[email protected] Jean-SébastienCoron UniversityofLuxembourg Luxembourg E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-40348-4 e-ISBN978-3-642-40349-1 DOI10.1007/978-3-642-40349-1 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:2013945108 CRSubjectClassification(1998):E.3,D.4.6,K.6.5,E.4,C.2,G.2 LNCSSublibrary:SL4–SecurityandCryptology ©InternationalAssociationforCryptologicResearch2013 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection withreviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredand executedonacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforuse maybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecution undertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespecttothe materialcontainedherein. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface The 15th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2013) was held at Santa Barbara, California, USA, during August 20–23, 2013. The workshop was sponsored by the International Asso- ciation for Cryptologic Research. CHES 2013 received 132 submissions. The 43 members of the Program Committee were assisted by more than 190 external reviewers. In total, they delivered 463 reviews. Each submission was reviewed by at least three Program Committee members. Submissions by ProgramCommittee members receivedat least five reviews. The review process wasdouble-blind, and conflicts of interest were handled carefully. Eventually, the Program Committee selected 27 papers (a 20% acceptance rate) for publication in the proceedings. CHES 2013 used, for the second time, an author rebuttal. After five weeks of individual review, and a week of initial online discussions, the reviews were forwarded to the submitting authors. The authors were invited to provide a text-only rebuttal of no more than 3,000 characters. The rebuttals were then included in the online discussion system, to guide the paper decision process in three additional weeks of online discussion. The program also included two invited talks, by John Kelsey from NIST, and by Adam Langley from Google (joint with CRYPTO 2013). For the second time, the program included two tutorials on cryptographic engineering aimed at newcomers in CHES. The tutorials were givenby Emmanuel Proufffrom the FrenchNetworkandInformationSecurityAgency,France,andbyColinO’Flynn from Dalhousie University, Canada. The CHES 2013 Best Paper Award went to Thomaz Oliveira, Julio L´opez, Diego F. Aranha, and Francisco Rodr´ıguez- Henr´ıquez for their paper “Lambda Coordinates for Binary Elliptic Curves.” Many people contributed to CHES 2013. We thank the authors for con- tributing their excellent research, and for participating in the rebuttal process. We thank the Program Committee members, and their external reviewers, for making a significant effort over an extended period of time to select the right papers for the program. WeparticularlythankStefanMangard,theChairoftheCHESSteeringCom- mittee,andC¸etinKayaKo¸candThomasEisenbarth,theGeneralCo-chairs,who took care of many practical details of the event. We are very grateful to Shai Halevi, who wrote the review software. The website was maintained by Jens PeterKaps; we appreciatehis supportthroughoutCHES. Finally, we thank our sponsors for supporting CHES financially: Cryptography Research, CryptoEx- perts,Infineon,IntrinsicID,MicroSemi,NXP,Oberthur,Riscure,Sakura,Secure IC and Technicolor. June 2013 Guido Bertoni Jean-S´ebastienCoron CHES 2013 Workshop on Cryptographic Hardware and Embedded Systems Santa-Barbara, California, USA, 20–23 August, 2013 Sponsored by International Association for Cryptologic Research General Co-chairs Thomas Eisenbarth Worcester Polytechnic Institute, USA C¸etin Kaya Ko¸c University of California Santa Barbara, USA Program Co-chairs Guido Bertoni STMicroelectronics, Italy Jean-S´ebastienCoron University of Luxembourg, Luxembourg Program Committee Lejla Batina Radboud University Nijmegen, The Netherlands Daniel J. Bernstein University of Illinois at Chicago, USA and Technische Universiteit Eindhoven, The Netherlands Alex Biryukov University of Luxembourg, Luxembourg Andrey Bogdanov Technical University of Denmark, Denmark Christophe Clavier University of Limoges, France Junfeng Fan KU Leuven, Belgium Benoit Feix UL Transactions, UK Wieland Fischer Infineon Technologies, Germany Pierre-Alain Fouque ENS, France Kris Gaj George Mason University, USA Benedikt Gierlichs KU Leuven, Belgium Louis Goubin University of Versailles, France Johann Groszschaedl University of Luxembourg, Luxembourg Shay Gueron University of Haifa and Intel Corporation, Israel Tim Gu¨neysu Ruhr-Universit¨at Bochum, Germany Helena Handschuh Cryptography Research, USA and KU Leuven, Belgium VIII CHES 2013 Marc Joye Technicolor, France Roger Khazan MIT Lincoln Laboratory, USA Ilya Kizhvatov Riscure, The Netherlands Soonhak Kwon Sungkyunkwan University, Korea Gregor Leander Technical University of Denmark, Denmark Kerstin Lemke-Rust Bonn-Rhein-Sieg University of Applied Sciences, Germany Shiho Moriai NICT, Japan David Naccache ENS, France Christof Paar Ruhr-Universit¨at Bochum, Germany Dan Page University of Bristol, UK Axel Poschmann Nanyang Technological University, Singapore Emmanuel Prouff ANSSI, France Francesco Regazzoni TU Delft, The Netherlands and ALaRI, Switzerland Matthieu Rivain CryptoExperts, France Ahmad-Reza Sadeghi TU Darmstadt, Germany Akashi Satoh AIST, Japan Patrick Schaumont Virginia Tech, USA Daisuke Suzuki Mitsubishi Electric, Japan Yannick Teglia STMicroelectronics, France Mehdi Tibouchi NTT Secure Platform Laboratories, Japan Stefan Tillich University of Bristol, UK Pim Tuyls Intrinsic-ID, The Netherlands Colin Walter Royal Holloway, UK Dai Yamamoto Fujitsu Laboratories, Japan Bo-Yin Yang Academia Sinica, Taiwan External Reviewers Michel Agoyan Alexandre Berzatti Cheon Toru Akishita Shivam Bhasin Brendon Chetwynd Martin Albrecht Begu¨l Bilgin L(cid:3)ukasz Chmielewski Yoshinori Aono Christina Boura Mafalda Cortez Frederik Armknecht Samuel Burri Jean-Christophe Simrit Arora Yann Le Corre Courrege Jean-Philippe Aumasson Wouter Castryck Arnaud Dambra Josep Balasch Yun-An Chang Patrick Derbez Valentina Banciu Ricardo Chaves Itai Dinur Alessandro Barenghi Ming-Shing Chen Emmanuelle Dottax Timo Bartkewitz Wei-Han Chen Markus Duermuth Georg T. Becker Zhimin Chen Sylvain Duquesne Sonia Bela¨ıd Chen-Mou Cheng Baris Ege Coˆme Berbain Jinsu Kim and Jung Hee Ilze Eichhorn CHES 2013 IX Soo-Kyung Eom Elif Bilge Kavun Svetla Petkova-Nikova Sebastian Faust Dmitry Khovratovich John Pham Matthieu Finiasz Eike Kiltz Alexey Pospelov Julien Francq Howon Kim Ivan Pustogarov Benjamin Fuller Sungwook Kim Thomas P¨oppelmann Georges Gagnerot Miroslav Knezevic Yamini Ravishankar Sebastian Gajek Patrick Koeberl Oscar Reparaz Jake Longo Galea Eric Koziel Thomas Roche David Galindo Joshua Kramer Pankaj Rohatgi Bayrak Ali Galip Sebastian Kutzner Mylene Roussellet Berndt Gammel Tanja Lange Arnab Roy Benoit Gerard Haw Lee Sujoy Sinha Roy Christophe Giraud Mun-Kyu Lee Minoru Saeki Nicolas Guillermin Soojoon Lee Koichi Sakumoto Frank K. Gurkaynak Younho Lee Fabrizio De Santis Job de Haas Vincent van der Leest Yu Sasaki Bilal Habib Tancr`ede Lepoint Falk Schellenberg Mike Hamburg Yang Li Peter Schwabe Dong-Guk Han Victor Lomn´e Mike Scott JonathanPo-HsiangHao David Lubicz Pouyan Sepehrdad Po-Hsiang Hao Roel Maes Rabia Shahid Robert Hesselbarth Stefan Mangard Malik Umar Sharif Stefan Heyse Damien Marion Koichi Shimizu Matthias Hiller Mark E. Marson Mitsuru Shiozaki Gesine Hinterwa¨lder Dan Martin Merrielle Spain Harunaga Hiwatari Albert Martinez Marc Stattinger Simon Hoerder Luke Mather Takeshi Sugawara Naofumi Homma Ingo von Maurich Berk Sunar Ekawat Homsirikamol Filippo Melzani Ruggero Susella Yohei Hori Bernd Meyer Pawel Swierczynski Michael Hutter Oliver Mischke Junko Takahashi Kyle Ingols Hideyuki Miyake Loic Thierry Gene Itkis Amir Moradi Enrico Thomae Kouichi Itoh Sumio Morioka Lucille Tordella Tetsuya Izu Nadia El Mrabet Michael Tunstall Nisha Jacob Elke De Mulder Markus Ullmann Dirmanto Jap Jean Nicolai Vesselin Velichkov Eliane Jaulmes Velickovic Nikola Praveen Kumar Vadnala Yier Jin Svetla Nikova Mayank Varia Bernhard Jungk Jasmina Omi´c Alexandre Venelli Hyunho Kang Elisabeth Oswald SrinivasVivekVenkatesh Koray Karabina Ilya Ozerov Ingrid Verbauwhede Pierre Karpman Jing Pan Frederik Vercauteren Saffija Kasem-Madani Cheol-Min Park Vincent Verneuil Toshihiro Katashita Roel Peeters Karine Villegas X CHES 2013 Christian Wachsmann Antoine Wurcker Xiaoxu Yao Erich Wenger Marcin W´ojcik Arkady Yerukhimovich Carolyn Whitnall Sophia Yakoubov Ching-Hua Yu Alexander Wild Tolga Yalcin Aaram Yun Jonas Sung-Ming Wu PanasayyaYalla Ralf Zimmermann Table of Contents Side-Channel Attacks On the Simplicity of Converting Leakages from Multivariate to Univariate: Case Study of a Glitch-Resistant Masking Scheme ......... 1 Amir Moradi and Oliver Mischke Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack............................................ 21 Adrian Thillard, Emmanuel Prouff, and Thomas Roche Profiling DPA: Efficacy and Efficiency Trade-Offs .................... 37 Carolyn Whitnall and Elisabeth Oswald Non-invasive Spoofing Attacks for Anti-lock Braking Systems.......... 55 Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani Srivastava Physical Unclonable Function An Accurate Probabilistic Reliability Model for Silicon PUFs.......... 73 Roel Maes A High Reliability PUF Using Hot Carrier Injection Based Response Reinforcement ................................................... 90 Mudit Bhargava and Ken Mai On the Effectiveness of the Remanence Decay Side-Channel to Clone Memory-BasedPUFs............................................. 107 Yossef Oren, Ahmad-Reza Sadeghi, and Christian Wachsmann Lightweight Cryptography Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID........................................................ 126 Peter Pessl and Michael Hutter Fides:LightweightAuthenticatedCipherwithSide-ChannelResistance for Constrained Hardware......................................... 142 Begu¨l Bilgin, Andrey Bogdanov, Miroslav Kneˇzevi´c, Florian Mendel, and Qingju Wang